Techniques for printing with integrated paper sheet identification

ABSTRACT

A printing method and apparatus includes fingerprinting a sheet of printable media such as paper to obtain a fingerprint. The fingerprint is encrypted using an encryption key known only to the user wanting to print the document. The encrypted fingerprint is then encoded and transferred to the document as machine readable information.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application claims priority from U.S. Provisional Application No. 60/707,739, filed Aug. 12, 2005 and from U.S. Provisional Application No. 60/708,735, filed Aug. 15, 2005, both of which are fully incorporated herein by reference for all purposes.

This application is related to commonly owned, concurrently filed U.S. Application No. <unassigned>, entitled “TECHNIQUES FOR GENERATING AND USING A FINGERPRINT FOR AN ARTICLE” filed concurrently with this application, and is fully incorporated herein by reference for all purposes.

The following is fully incorporated herein by reference for all purposes (referred to herein as “Cowburn”) PCT Publication No. WO 2005/088533, entitled “Authenticity Verification Methods, Products, and Apparatuses.”

BACKGROUND OF THE INVENTION

The present invention relates generally to printing techniques and in particular to verifiable printing.

Secured paper is commonly associated with currency, stocks, and other financial instruments. The production of conventional secured paper is costly in terms of the paper stock (because specialized paper having security features is required) and the printing equipment (because special inks and printing machinery are required). Many businesses could benefit if secured paper document capability was cost-effectively available.

Various techniques are known for uniquely signaturizing a paper document based on inherent characteristics of the paper. This allows a recipient to verify the originality of a document by obtaining a signature of the paper document in question and comparing it against a data store of signatures of documents.

BRIEF SUMMARY OF THE INVENTION

The present invention provides for secured printed documents. A printer is provided that performs fingerprinting of a sheet for printing to uniquely identify the sheet. The resulting fingerprint is encrypted to produce cyphertext. The encryption is performed using an encryption key provided by a user (the signing authority). The cyphertext is then paired with its corresponding decryption key and the data pair is then encoded using an encoding scheme; for example, barcode encoding can be used to create a barcode representation of the cyphertext and decryption key.

The printed sheet thus contains an encrypted fingerprint of the sheet and a decryption key. A recipient of the printed sheet can verify that the sheet is the original printed sheet and not a photocopy by decoding the printed machine readable information to obtain the encrypted fingerprint data and the decryption key, retrieving the clear text form of the encrypted fingerprint using the decryption key, and comparing that against a fingerprint of the received printed sheet. Furthermore, the recipient is assured that the received printed sheet was in fact produced by the signing authority because the decryption key is certified as belonging to the signing authority.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A is a schematic representation of the components of a printer in accordance with an embodiment of the present invention.

FIG. 1B is a schematic representation of the components of a printer in accordance with another embodiment of the present invention.

FIG. 2 is a schematic view of an illustrative embodiment of the scanning apparatus 102 shown in FIG. 1.

FIG. 3 is a high level description of the process for generating a signature of an article using the scanning apparatus of FIG. 2.

FIGS. 4A-4C are high level representations of the information flow among components which participate in a print request according to various embodiments of the present invention.

FIG. 5A-5C are high level flow charts of the processing that takes place among the components respectively illustrated in FIGS. 4A-4C.

FIGS. 6A and 6B show data structures for storing data in accordance with the present invention.

FIG. 7 illustrates a sheet of printable medium having embedded therein an RFID tag.

FIG. 8 illustrates printing multiple images on a sheet of printable medium in accordance with the present invention.

FIGS. 9 and 9A illustrate encryption sequences in accordance with embodiments of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

An illustrative embodiment of the present invention is shown in the schematic diagram of FIG. 1A. A printing source 122 is in data communication with a printing apparatus 124 and with a database subsystem 132. The printing source 122 is typically a personal computer, but can be any computer-based device that requires and initiates printing services. Data communication between the printing source 122 and the printing apparatus 124 can be over a direct connection between the two components, over a communication network, over a wireless connection, and so on.

The printing apparatus 124 includes a control portion 102 for data communication with an external computer, such as printing source 122, and to control the various operations of the printing apparatus. In a specific implementation, the control portion 102 may include a processor with suitable programming code to operate the processor, and suitable supporting logic.

A source 104 provides printable media, such as paper, that are fed along a process path 128 to be subject to processing by other components of the printing apparatus 124. FIG. 1A shows a sheet of printable medium 126 (e.g., paper is common) as it progresses along the process path 128 (indicated by the arrows). Although FIG. 1A depicts source 104 as a paper tray found in conventional printers, it is understood that source 104 can be configured to dispense the printable media in a fashion that is suitable for the nature of the printable media. Also, it is noted that the phrase “a sheet of printable medium” in the context of the present invention is meant to convey the notion of a unit of printed output. For example, in the case of a roll of paper, the entire roll might be construed as comprising a large sheet. However, in the context of the present invention, an individual sheet may be cut from the roll during servicing of a print job.

A sheet of printable medium 126 feeds along the process path 128 to a fingerprinting portion comprising a scan control and processing unit 106 b and a scanner 106 a to perform a scan of a portion of the sheet to obtain a fingerprint that can uniquely identify the specific sheet of printable medium. Further downstream along the process path 128 is a print engine 108 comprising a print head 108 a. The print engine 108 can use laser printing technology, ink-jet printing technology, or any other known printing technology suitable for the printing apparatus 124. The sheet of printable medium 126 proceeds along the process path 128 to a terminus 110 where it exits the printing apparatus 124 as a completed print job.

The control module 102 includes suitable program instructions to receive a print request from the printing source 122 and to interact with the printing source in accordance with the present invention to service the print request. The printing source 122 includes corresponding software commonly referred to as a printer driver (not shown) that serves to interact with the control module 102, as will be discussed in further detail below.

An alternative embodiment of the present invention is illustrated in FIG. 1B. Elements common to FIG. 1A and to FIG. 1B are referenced by the same reference numerals. In this particular embodiment, the printing apparatus 124 a comprises the printing components 108, 108 a. The scan control and processing unit 106 b and scanner 106 a are contained in a fingerprinting unit 124 b. The control module 102 is shown to be in data communication with the fingerprinting unit 124 b to control the scan control and processing unit 106 b, and for any exchange of data between the fingerprinting unit 124 b and the printing apparatus 124 a.

The process path 128′ begins at the source 104 in the fingerprinting unit 124 b, where a sheet of printable medium 126 is retrieved and delivered past the scanner 106 a, to obtain a fingerprint of the printable medium. A suitable coupling (not shown) is provided between the fingerprinting unit 124 b and the printing apparatus 124 a that allows the process path 128′ to feed the sheet of printable medium into the printing apparatus. There, the print job is completed and the printed sheet is produced at the terminus 110 of the process path 128′. Of course, it will be appreciated that still other embodiments providing the same combination of functions are possible.

FIG. 2 is a schematic view of an illustrative embodiment of the scanner 106 a of FIG. 1A in accordance with the present invention. The basic operation of the scanner 106 a is fully described in Cowburn. Variations of the scanner 106 a in accordance with aspects of the present invention not otherwise disclosed or suggested by Cowburn are disclosed below. Additional details of the scanner 106 a not otherwise relevant to the present invention are disclosed in Cowburn.

In FIG. 2, the principal optical components of the scanner 106 a include a laser source 222 for generating a coherent laser beam 224 and a detector arrangement 232 comprising a plurality of photodetector elements 232 a-232 d. Although the specific embodiment illustrated in FIG. 2 shows four photodetector elements, it will be appreciated that other numbers of photodetector elements may be employed. The laser beam 224 is focused by a lens 226 to form an elongate focus extending in the y-direction (perpendicular to the plane of the drawing) and passing through in a reading volume 228. The optical components are contained in an optics subassembly 202.

The photodetectors 232 a-232 d are distributed about the beam at different angles to collect light scattered from a portion of an article present in the reading volume 228, detecting the light scattered by the article when the coherent beam scatters from the reading volume. As illustrated in FIG. 2, the laser source 222 directs the laser beam 224 with its beam axis parallel to the z-axis (i.e., zero degrees relative to the z-axis). In accordance with an embodiment of the present invention, the laser source 222 can be selectively manipulated to direct the laser beam 224 with its beam axis at a non-zero degree angle relative to the z-axis.

FIGS. 1A and 1B show that the printable medium 126 is carried along the process path 128 past the scanner 106 a. In these embodiments, the scanner 106 a is stationary. However, in an alternative embodiment, the printable medium 126 can be conveyed to a position along the process path 128 and maintained at that position while the scanner 106 a is operated to perform the scan operation. In such an embodiment, the scanner 106 a can be provisioned with a drive mechanism. As shown in FIG. 2, an example of such a drive mechanism includes a drive motor 204 to provide linear motion of the optics subassembly 202 via suitable bearings 206. In one embodiment of the present invention, the optics subassembly 202 is translated along the x-axis as indicated by the arrows 208. In another embodiment of the present invention, the drive motor 204 can provide controlled translational motion of the optics assembly 202 in the x-y direction.

FIG. 3 is a high level overview of the process for generating a signature (also referred to herein as a “fingerprint”) of an article using the scanner 106 a of FIG. 2. Additional details not otherwise relevant to the discussion of the present invention herein are disclosed in Cowburn.

In a step 302, an article is fed to the scanner 106 a. As portions of the article pass through the reading volume 228, the laser beam 224 incident on the surface of the article is scattered due to reflections from the inhomogeneous structures of the intrinsic surface features of the article. The scattered light is detected by the photodetectors 232 a-232 d (step 304). In a step 306, data is acquired by analog-to-digital conversion of the analog signals output from the photodetectors 232 a-232 d as they detect the scattered light. This step can be performed by a processor in the scan control and processing unit 106 b operated according to suitable programming code. The scattered light produced during the scanning operation results in a unique optical response in the output signals of the photodetectors 232 a-232 d. As explained more fully in Cowburn, the unique optical response arises from the unique scattering of incident light as it reflects from the irregular microscopic structures of the surface of the article. For example, articles such as paper possess surface features which at the microscopic level are structures of intermeshing of fibers and other such materials which make up paper, generally referred to as intrinsic structure of the article.

In a step 308, the data that is collected from the A/D conversion of the signals from the photodetectors 232 a-232 d is processed by the scan control and processing unit 106 b to produce a signature, the details of which are outside of the scope of the present invention but are disclosed in Cowburn. The data that results from the process uniquely identifies the article, and will be referred to herein as “fingerprint data” or “signature data.” Programming code in the scan control and processing unit 106 b can operate the processor to perform this step.

In accordance with the present invention, a process for printing provides for digitally signed documents thus guaranteeing the originator of the document, and guarantees the document to be the originally printed document and not a photocopy or otherwise forged copy of the original document. FIGS. 4A and 5A illustrate a process flow for handling a print request in accordance with the present invention. FIG. 4 is a schematic representation of the flow of information among the major components which participate in a print request. FIG. 5 highlights the steps in the process.

A user 402 begins the process by sending a request (step 501) to a printing source 422 (typically a computer; e.g. a PC) to print one or more documents. The user can be a human user, or a machine-type “user” (e.g., an automated print task executing on the same computer, or a different computer).

A suitable printer driver 422 a can be installed in the printing source 422 to provide this functionality. A printer driver is program code that operates a data processor to provide a user interface to allow the user to configure the print job and to communicate with the printer to service the print job. It is understood that the printer driver 422 a in accordance with the present invention constitutes programming code to operate a processor in the printing source 422 to perform the operations disclosed in the flow charts of FIGS. 5A-5C, including presenting user interfaces and performing communications with the printer side component 424.

In a step 502, the printing source 422 obtains an encryption key that is owned or otherwise associated with the user 402. In the case of a human user, this step can include presenting a query (e.g., by way of a GUI) to the user to enter her encryption key, or some information that would be used to obtain her encryption key. For example, the printing source 422 may have access to a configuration file that contains a list of users and their respective encryption keys.

A user may have more than one encryption key, each representing a different signing authority. For example, the user may sign as an owner of a business, or as a private individual, when printing checks from the same checking program, using the same computer, to the same printer. The signing authority can be an organization, so that the encryption/decryption key(s) is associated with the organization rather than a specific user. Users in that organization would share the same encryption/decryption key(s). In the case of a machine-type user, a table of encryption keys can be provided where the specific encryption key is selected based on the nature of the document being printed, or the machine can be assigned only one encryption key.

Continuing, the printing source 422, responding to the user's request, sends a print job request to the printer side component 424, in a step 503. It is noted that the printer side component 424 can be configured as exemplified in FIGS. 1A, 1B, or by any similar configuration. As will become apparent in the following steps, print processing in accordance with the present invention involves two-way communication between the printing source 422 and the printer side component 424. Many common printing protocols are not suitable for the type of communication needed to practice the present invention. Most printing protocols provide for a job ID, for example, as part of the meta-data that is typically associated with a print request. A special identifier can be used to open a secondary channel between the printing source 422 and the printer side component 424, allowing for interaction in accordance with the present invention.

In a step 504, “fingerprinting” is performed on the printable medium on which the document will be printed to obtain the fingerprint data of the printable medium. FIGS. 2 and 3 above outline the basic mechanics and process for generating the fingerprint data of a printable medium. As discussed briefly above, the fingerprint data is based on the intrinsic structure of the printable medium. Cowburn provides additional detail not otherwise relevant to the present invention.

In one embodiment, the fingerprint data is obtained by scanning a predetermined surface area of the printable medium. Additional methods for obtaining a fingerprint are disclosed in a related, commonly owned, co-pending application, currently identified by and entitled “TECHNIQUES FOR USING A FINGERPRINT FOR AN ARTICLE”. For discussion purposes only, the description will assume fingerprinting based on scanning a predetermined surface area. It will be understood that the present invention can be readily adapted to incorporate the fingerprinting methods (such as area selection) disclosed in “TECHNIQUES FOR USING A FINGERPRINT FOR AN ARTICLE”. Referring back to FIG. 1A, the control module 102 can include suitable programming code to operate the scan control and processing unit 106 b to initiate the process (i.e., fingerprinting) to obtain fingerprint data.

When the fingerprint data has been obtained, the printer side component 424 sends the fingerprint data to the printing source 422 (step 505). In the case of a multi-page document, the number of pages of printable media is determined, and each sheet can be fingerprinted. In this case, the printer side component 424 can send a list of fingerprint data to the printing source 422 (batch mode operation). Alternatively, the printing source 422 and printer side component 424 can process the fingerprint data for the multiple sheets of printable media one sheet at a time.

In a step 506, the printing source 422 performs an encryption of the fingerprint data provided by the printer side component 424 using the user-provided encryption key obtained in step 502 to produce encrypted fingerprint data (a.k.a. cyphertext). In one embodiment, the printer driver 422 a can be configured to perform the encryption. Alternatively, the printer driver 422 a can offload the encryption task to a separate machine. The encryption algorithm can be a symmetric algorithm, where the encryption and decryption keys are the same key. The encryption algorithm can be asymmetric (e.g., public key cryptography), in which case a pair of cryptographic keys are used; the keys are referred to as a public key and a private key. It will be assumed without loss of generality that public key cryptography is being used.

In a step 507, the resulting encrypted fingerprint data is combined with a decryption key (unencrypted) that is associated with the user-provided encryption key. As will be discussed below, the decryption key will be used to recover the fingerprint data from the encrypted fingerprint data. In the case of public-key/private-key encryption, the user-provided encryption key is referred to as the private key. The decryption key is referred to as the public key. If a public key certificate for a private-public key pair is issued by a trusted certificate authority, the public key can be deemed to be a reliable indication of the user (the signing authority) who produces encrypted data using the corresponding private key. The printer driver 422 a transmits the encrypted fingerprint data and the public key to the printer side component 424 along with the data comprising the print job. Alternatively, the encrypted fingerprint data and the public key can be transmitted as metadata.

The phrase “fingerprint information” is being introduced at this point to facilitate further discussions of the present invention. The fingerprint information is the information that is transferred onto the printable medium (e.g., printed on the printable medium), and is used to subsequently obtain the fingerprint data of the printable medium. In this particular embodiment (FIGS. 4A and 5A), the fingerprint information comprises the encrypted fingerprint data and the public key. The fingerprint information will be different for other embodiments of the present invention.

In a step 508, the printer side component 424 performs processing necessary to service the requested print job which includes printing a sheet of printable media 426 to produce a printed document 426′. In accordance with the present invention, the printed document 426′ includes machine readable information 404. The fingerprint information is encoded to produce machine readable information 404 suitable for printing on the printable medium. For example, the machine readable information 404 can be a barcode encoding of the fingerprint information. In this case, the barcode (e.g., two-dimensional barcode) directly represents the data comprising the fingerprint information; i.e., the barcode encodes the data comprising the fingerprint information. The fingerprint information is retrieved simply by properly decoding the barcode; e.g., using a barcode scanner. Of course, other encoding techniques can be used to encode the fingerprint information to produce a code that can then be printed on the printable medium.

It is observed that instead of producing machine readable information which is printed on the printable medium, the fingerprint information which is simply binary data can be printed in human readable form; for example in binary notation, or hexadecimal notation. Of course, the data size of the fingerprint data may render this approach impractical. Machine readable information can be more efficient in terms of printed area. Also, using machine readable information to represent the fingerprint operation facilitates automated verification of the printed document, which is the next topic of discussion.

Verification of the printed document 426′ can then be performed by a subsequent recipient. First, the machine readable information 404 is decoded to retrieve the fingerprint information. For example, where the machine readable information is a barcode printed on the printed document, a barcode scanner can be used to scan the barcode and decode the barcode to retrieve the fingerprint information (i.e., the encrypted fingerprint data and the public key in this embodiment). Recall from step 507, the public key identifies the signing authority of the received printed document (by way of a trusted certificate authority). The public key is applied to the encrypted fingerprint data to retrieve clear text (a.k.a. plaintext) fingerprint data. A fingerprint operation can then be performed to obtain a fingerprint of the received printed document. If a comparison between the clear text fingerprint data and fingerprint indicates a match, then the recipient can be certain that the received printed document was the original document on which the machine readable information was printed, and that the document was printed by the signing author. It can be appreciated that this process can be automated in a system that employs a barcode reader and a fingerprinting component such as the one shown in FIG. 1A.

However, it is necessary to ensure that the substantive content of the received printed document had not been altered prior to receiving it. For example, an intermediate recipient of the printed document can remove the toner by scraping it, and then rewrite the contents (i.e., a palimpsest) so that the ultimate recipient receives an altered document. If the document were some sort of legal contract, for instance, it might be rewritten to have different terms and yet retain the same fingerprint and machine readable information. Because of how hashes work, it is impossible to perform a verification simply by rescanning and checking the hash value. The reason is that scanning a document twice will almost certainly not produce identical bit maps. Consequently, the hash values that result from hashing each bitmap will likely not match.

Returning to FIG. 5A, a step 509 is provided. The printer driver 422 a transmits the unencrypted fingerprint data and an image(s) of the printed document (“print image”) to a data store 432, at or about the time the print job is sent to the printing side component 424. The data store 432 can be local storage, a remote storage facility, a database (either local, or remote), and so on. FIG. 6A illustrates a data structure for storing the fingerprint data and the print image. The “hash value” field is used in an alternative embodiment of the present invention, discussed below.

By retaining the scanned content, the recipient can make a visual confirmation of the content of the received printed document against the image of the printed document stored in the data store 432. Alternatively, an automated process can perform a match; for example, textual verification can be performed where text obtained by OCR (optical character recognition) of the received printed document is compared to the text of the stored document image. Still other measures of optical differences between the received printed document and the stored document image can be performed. The clear text fingerprint data can be used as a search key to search the data store 432 to find the stored fingerprint data and the corresponding stored image.

In another embodiment of the present invention, the integrity of the stored document image can be verified. In this embodiment, step 507 further includes performing a hash operation on the print image to produce a content verification hash. The fingerprint information thus includes a content verification hash in addition to the encrypted fingerprint data and the public key. This hash can be obtained by encoding the printed bits of the printed page image according to some image encoding scheme, such as JPEG, TIFF, PBM or some similar encoding system. The resulting stream of bits is then processed using a one-way cryptographic hash function, such as MD5, SHA-1, or any of a wide array of such hash algorithms. In step 509, the hash can be stored in the data structure of FIG. 6A along with the fingerprint data and the print image.

During verification, the content verification hash that is retrieved from fingerprint information encoded as indicia printed on the received printed document can be compared against the hash value stored in the data structure of FIG. 6A. A positive outcome of the comparison verifies the integrity of the stored document image. Alternatively, a hash value can be computed on the stored document image at the time of the comparison. When the integrity of the stored document image has been verified, the visual comparison between the received printed document and the stored document image can be performed to verify content.
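The print-side steps 506 to 509 and the recipient's verification, traced end to end as an added example (not code from the patent). It assumes a constructed toy-size RSA key, a JSON payload standing in for the barcode, SHA-256 as the hash, an exact-match fingerprint comparison, and a `trusted_keys` set standing in for the certificate check; all function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed toy-size RSA key (product of two Mersenne primes). Unpadded RSA
# at this size only illustrates the data flow; it offers no real security.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                              # public exponent: the decryption key
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: the user's encryption key


def content_hash(print_image: bytes) -> str:
    """Content verification hash over the encoded print image (SHA-256 here)."""
    return hashlib.sha256(print_image).hexdigest()


def print_side(fingerprint: bytes, print_image: bytes, store: dict) -> bytes:
    """Steps 506-509: build the fingerprint information and the FIG. 6A record."""
    m = int.from_bytes(fingerprint, "big")
    if m >= N:
        raise ValueError("fingerprint does not fit the toy modulus")
    info = {
        "ct": format(pow(m, D, N), "x"),   # step 506: encrypted fingerprint data
        "n": format(N, "x"),               # step 507: public key travels in clear
        "e": E,
        "len": len(fingerprint),
        "hash": content_hash(print_image),
    }
    # Step 509: unencrypted fingerprint is the search key into the data store.
    store[fingerprint.hex()] = {"print_image": print_image, "hash": info["hash"]}
    return json.dumps(info).encode()       # assumed stand-in for the barcode bytes


def verify_sheet(payload: bytes, rescanned: bytes, store: dict,
                 trusted_keys: set) -> str:
    """Recipient side: decode, check the key, recover and compare, check the hash."""
    info = json.loads(payload)
    n, e = int(info["n"], 16), info["e"]
    # The key printed on the sheet proves nothing by itself; it must be one the
    # recipient already trusts (assumed stand-in for certificate validation).
    if (n, e) not in trusted_keys:
        return "untrusted-key"
    clear = pow(int(info["ct"], 16), e, n)
    try:
        recovered = clear.to_bytes(info["len"], "big")
    except OverflowError:
        return "fingerprint-mismatch"
    # Exact match is an assumption; the page only says the comparison
    # "indicates a match".
    if not hmac.compare_digest(recovered, rescanned):
        return "fingerprint-mismatch"      # a photocopy or a different sheet
    record = store.get(recovered.hex())
    if record is None:
        return "no-record"
    # Hash the stored image, never a rescan: two scans of one page differ.
    if not hmac.compare_digest(content_hash(record["print_image"]), info["hash"]):
        return "stored-image-altered"
    return "ok"   # the sheet can now be compared against record["print_image"]


if __name__ == "__main__":
    data_store = {}
    sheet_fp = bytes(range(16))                     # constructed fingerprint
    image = b"constructed encoded print image"      # constructed image bytes
    barcode = print_side(sheet_fp, image, data_store)
    print(verify_sheet(barcode, sheet_fp, data_store, {(N, E)}))
    print(verify_sheet(barcode, bytes(16), data_store, {(N, E)}))
```

A result of "ok" only establishes that the sheet and the stored image are authentic; the visual or OCR comparison of the sheet against the stored image still has to follow.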

FIGS. 4B and 5B describe a variant of the foregoing described process. Those elements of FIG. 4B and steps of FIG. 5B which are common to FIGS. 4A and 5A are identified by the same reference numeral. In the embodiment shown in FIGS. 4A and 5A, the machine readable information 404 directly encodes the fingerprint information (i.e., the encrypted fingerprint data and the public key). Alternatively, FIGS. 4B and 5B show an embodiment in which the machine readable information 404 a encodes an identifier that is used to access the encrypted fingerprint data and the public key rather than the encrypted fingerprint data and the public key which is stored elsewhere in a data structure. For example, FIG. 6B shows an example of such a data structure organized into rows. Each row contains a triad comprising encrypted fingerprint data, a decryption key, and an image of a document. An index identifies each row in the data structure. A hash value field (not shown in FIG. 6B) can be provided for additional integrity checking as discussed above.

Thus, in FIGS. 4B and 5B a suitably configured printer driver 422 a stores (step 507 a) the data triad comprising the encrypted fingerprint data, the public key, and a print-image of the document in a suitable data structure. The printer driver 422 b obtains a search key that can subsequently be used to access the data triad from the data structure. In a step 507 b, the printer driver 422 b sends the search key to the printer side component 424. For example, in the case of the data structure of FIG. 6, the search key would be an index identifying the row in the data structure where the encrypted fingerprint data, the public key, and the document image are stored. Then in step 508, the search key can be encoded as suitable machine readable information 404′ that is then printed on the printable medium. In this particular embodiment, the fingerprint information comprises the search key.

The verification procedure on a printed document 426′ produced according to the embodiment shown in FIGS. 4B and 5B includes reading the machine readable information 404 a and obtaining the search key (fingerprint information). The search key is then used to retrieve the data triad from the data structure (e.g., by indexing into the data structure of FIG. 6). At this point, the encrypted fingerprint data and the public key are obtained, and so the verification proceeds in the manner described above.

Turning to FIGS. 1A and 7, in another embodiment of the present invention, the printing apparatus 124 includes an RFID (radio frequency ID) writer 112. The RFID writer 112 is indicated in dashed lines. Similarly, an RFID writer 112 can be incorporated in the printing apparatus 124 a of FIG. 1B as an alternative embodiment. The RFID writer 112 can communicate the fingerprint information to an RFID tag 702 embedded in the printable medium 126. Therefore, in this particular embodiment, the machine readable information comprises the electronic data of the fingerprint information that is stored in the RFID tag 702, rather than a printed glyph used to obtain the fingerprint information (e.g., 404 in FIGS. 4A, 5A). The control module 102 in the printer side component 424, upon receiving the fingerprint information from the printing source 422, can operate the RFID writer 112 to transfer the fingerprint information to the embedded RFID tag 702 at the appropriate time as the printable medium 126 passes the RFID writer 112. Techniques for embedding RFID tags in printable media such as paper are known. RFID writing devices for communicating data to an RFID tag are known.

An RFID reader can then be utilized to read out the fingerprint information from the RFID tag. Verification processing can then proceed as described above. RFID readers are known.

Thus, in accordance with the present invention, the fingerprint information can be transferred to the printable medium either by printing machine readable information in the form of a barcode or some other glyph that encodes the fingerprint information, or by storing the fingerprint information in an embedded RFID tag.

FIG. 8 illustrates that a sheet of printable medium 802 can be printed with multiple images 826 (e.g., coupons, or even currency). Each image 826x carries the fingerprint information 804, either in the form of machine readable information being printed in each of the images, or in the form of electronic information stored in an embedded RFID tag. This printing technique can be especially useful for large scale printing, where each sheet can have N (N>1) copies of the image.

Referring to the scanner 106a shown in FIG. 2, a drive motor 204 configured for x-y translation can be used to move the scanner over areas of the printable medium 802 within each of the images 826 to be printed. Each area within an image 826x can thus be scanned to obtain a fingerprint for that image. The printed sheet of printable medium can then be further processed by a cutting tool to cut out each image.

FIG. 8 illustrates the idea that it is not necessary that each image carry the fingerprinting information 804. The figure shows that some images 826y do not have fingerprint information. The figure further illustrates that the location of the fingerprint information in each image 826x can be varied among the images.

The embodiment illustrated in FIG. 8 requires additional processing by the printing source 422. The printer driver 422a can be further configured to obtain additional configuration information such as the number of individual images to be printed on a sheet, location of the fingerprint information, and so on. The configuration information can be interactively obtained from a user 402 via a GUI, from a configuration file, through interaction with an application used to generate the images 826, and so on. The printer driver 422a can be further configured to convey the configuration information to the printer-side component 424. The printer-side component 424 can then perform fingerprinting in an area of each image 826x to be printed to produce fingerprint data for each image. Recall that the fingerprint data is based on the intrinsic structure of the sheet (e.g., sheet of paper). The intrinsic structure varies depending on the area of the sheet, so each fingerprinted area will be unique to the image corresponding to that fingerprinted area.

The printer driver 422a can be further configured to communicate with the printer-side component 424 to process the plurality of fingerprint data that results from fingerprinting the plural images 826. For example, with respect to FIG. 5A, the steps 504-507 can be repeated for each fingerprinted area among the images 826. Alternatively, the process can be performed in batch mode where fingerprint data for each of the images 826 are collected (step 504) and then the plurality of fingerprint data are sent to the printing source 422 to be encrypted (steps 505, 506). The plurality of encrypted fingerprint data can then be sent to the printing-side component 424 per step 507.

FIG. 8 can be used to further illustrate another embodiment of the present invention, wherein a sheet 802 comprises a plurality of labels 826, such as adhesive backed labels which can be peeled off and affixed to items. Each label can be printed in accordance with the foregoing described embodiments. For each label, the label can be fingerprinted, the label's fingerprint and usage-specific information can be encrypted to produce cyphertext, and the cyphertext can then be encoded to produce machine readable information which is then printed onto the label. Such labels can be guaranteed to have been affixed by a certain authority, and to be unchanged from when the label was affixed to the item.

In another embodiment of the present invention, the printing side component 424 can digitally sign the printed document, in addition to the user's digital signature. FIGS. 4C and 5C illustrate this particular embodiment. Steps in FIG. 5C that are common among FIGS. 5A-5C are represented by the same reference numerals and are discussed above.

Refer now to FIGS. 4C, 5C, and 9. Subsequent to the printer-side component 424 obtaining the fingerprint data in step 504, the fingerprint data is encrypted using a private key associated with the printer-side component (step 515). FIG. 9 illustrates clear text fingerprint data 902, and encrypted fingerprint data 904 obtained using the printer-side private key (K_(E1)).

In a step 516, the encrypted fingerprint data is combined with the unencrypted public key K_(D1) that corresponds to the above private key and the resulting data pair 906 is sent to the printing source 422. Note that the content verification hash discussed above can be included (see the content verification hash H contained in 906′ in the alternative sequence of FIG. 9A).

In a step 517, the data pair 906 is encrypted by the printer driver 422a using the user-provided encryption key (private key) obtained in step 502. FIG. 9 illustrates the encrypted data pair 908 obtained using the user-provided private key (K_(E2)). The resulting encrypted data pair 908 is paired up with the public key (K_(D2)) that is associated with the user's private key and sent to the printer-side component 424 as data pair 910, which constitutes the fingerprint information for this particular embodiment. Processing in the printer-side component 424 proceeds as discussed above in connection with steps 508 and 509 to produce the printed document 426′, including transferring the fingerprint information to the printed sheet 426′ in the form of printed machine readable information 404.

Verification of a printed document 426′ obtained in accordance with this embodiment of the present invention includes decoding the machine readable information 404. The result of the decoding operation is the data pair 910. The public key K_(D2) is then applied to the encrypted data pair 908 to obtain the data pair 906. The public key K_(D1) is then applied to the encrypted fingerprint data 904 to obtain the fingerprint data 902. At this point, the fingerprint data 902 has been retrieved and the verification process can proceed as described above.
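The FIG. 9 sequence (steps 515 to 517) and the unwrapping just described, as an added Python sketch that is not part of the patent text. It assumes toy textbook RSA with constructed demo keys, JSON as the data-pair serialization, and exact-match comparison of fingerprints; the check of the embedded keys against a `trusted_keys` set is also an addition here, since K_(D1) and K_(D2) travel inside the same payload they unlock.

```python
import json

E = 65537              # public exponent for the toy keys
CHUNK, BLOCK = 16, 32  # plaintext / ciphertext bytes per RSA block

def make_key(p, q):    # toy textbook-RSA pair: ((n, e), (n, d))
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def private_encrypt(priv, data):
    """'Encrypt' with a private key, block by block (no padding: toy only)."""
    n, d = priv
    out = b""
    for i in range(0, len(data), CHUNK):
        m = int.from_bytes(b"\x01" + data[i:i + CHUNK], "big")  # 0x01 keeps length
        out += pow(m, d, n).to_bytes(BLOCK, "big")
    return out

def public_decrypt(pub, blob):  # inverse of private_encrypt
    n, e = pub
    out = b""
    for i in range(0, len(blob), BLOCK):
        m = pow(int.from_bytes(blob[i:i + BLOCK], "big"), e, n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
    return out

def pair(cipher, pub):          # (ciphertext, decryption key) as one data pair
    return json.dumps({"c": cipher.hex(), "k": list(pub)}).encode()

def unpair(blob):
    obj = json.loads(blob)
    return bytes.fromhex(obj["c"]), tuple(obj["k"])

def make_fingerprint_info(fp, printer_priv, printer_pub, user_priv, user_pub):
    c904 = private_encrypt(printer_priv, fp)   # step 515: K_E1 over 902
    p906 = pair(c904, printer_pub)             # step 516: attach K_D1
    c908 = private_encrypt(user_priv, p906)    # step 517: K_E2 over 906
    return pair(c908, user_pub)                # data pair 910 (908 + K_D2)

def verify(info910, rescanned_fp, trusted_keys):
    """Unwrap 910 -> 906 -> 902 and compare with a fresh scan of the sheet."""
    try:
        c908, k_d2 = unpair(info910)
        if k_d2 not in trusted_keys:           # assumption: verifier pins keys
            return "untrusted key"
        c904, k_d1 = unpair(public_decrypt(k_d2, c908))
        if k_d1 not in trusted_keys:
            return "untrusted key"
        fp = public_decrypt(k_d1, c904)
    except (ValueError, KeyError, TypeError):
        return "malformed"
    return "ok" if fp == rescanned_fp else "fingerprint mismatch"

# Constructed demo keys from Mersenne primes, far too small for real use.
PRINTER_PUB, PRINTER_PRIV = make_key(2**61 - 1, 2**89 - 1)
USER_PUB, USER_PRIV = make_key(2**107 - 1, 2**127 - 1)
```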

In an alternative embodiment that utilizes the above-described content verification hash, the sequence in FIG. 9A applies. Verification of a printed document 426′ obtained in accordance with this alternative embodiment includes decoding the machine readable information 404. The result of the decoding operation is the data pair 910′. The public key K_(D2) is applied to the encrypted data triad 908′ to obtain the data triad 906′ (comprising encrypted fingerprint data, public key, and hash value). The public key K_(D1) is then applied to the encrypted fingerprint data 904 to obtain the fingerprint data 902. At this point, the fingerprint data 902 and content verification hash H have been retrieved and the verification process can proceed as described above.

The foregoing description of the encryption sequence illustrated in FIG. 9 explained that the printer-side component 424 performed the first encryption and then the printing source 422 performed the second encryption. FIG. 9 can be used to explain an alternative encryption sequence, where the printing source 422 performs the first encryption and then the printer-side component 424 performs the second encryption. In this particular embodiment, the printer-side component 424 sends the fingerprint data 902 to the printing source 422 (as in the embodiment shown in FIGS. 4A and 5A), where the latter applies the user-provided encryption key K_(E1) to the fingerprint data to produce encrypted fingerprint data 904. The data pair 906 is sent to the printer-side component 424, where it is then encrypted using the printer-side private key (K_(E2)) to obtain the encrypted data pair 908. The encrypted data pair 908 is in turn paired with the printer-side public key (K_(D2)) to form the data pair 910. Finally, the data pair 910 is then encoded and transferred to the printed document 426′ as printed machine readable information 404.

1. A method for printing an electronic document comprising: a first computer system receiving from a second computer system, separate from the first computer system, a communication to print a document; transmitting to the second computer system fingerprint data for at least a first sheet of printable media on which the document is to be printed, the fingerprint data based on data obtained from intrinsic structure of the first sheet of printable media; receiving from the second computer system encrypted fingerprint data and a first decryption key, the encrypted fingerprint data comprising an encrypted form of the fingerprint data produced by the second computer system, the first decryption key suitable for decrypting the encrypted fingerprint data to thereby recover the fingerprint data; and printing the document on the first sheet of printable media, including transferring machine readable information to the first sheet of printable media, wherein the encrypted fingerprint data and the first decryption key can be obtained from the machine readable information.
2. The method of claim 1 wherein the step of transmitting fingerprint data includes scanning a first area of the first sheet of printable media with a beam of light to obtain optical data based on measurements of light scattered from intrinsic structure of the surface of the first area and processing the optical data to produce the fingerprint data.
3. The method of claim 1 wherein the machine readable information comprises an encoding of both the encrypted fingerprint data and the first decryption key.
4. The method of claim 1 further comprising receiving from the second computer system a hash value computed from a hash operation performed on the document to be printed, wherein the machine readable information comprises an encoding of the encrypted fingerprint data, the first decryption key, and the hash value.
5. The method of claim 1 wherein the fingerprint data is transmitted to the second computer system in unencrypted form.
6. The method of claim 1 wherein the step of transmitting fingerprint data includes encrypting the obtained data to produce encrypted data, the fingerprint data comprising the encrypted data and a second decryption key suitable for decrypting the encrypted data to recover the obtained data.
7. The method of claim 6 wherein encrypting the obtained data includes encrypting the obtained data with a second encryption key.
8. The method of claim 1 wherein the transferring includes encrypting the encrypted fingerprint data whereby the machine readable information comprises an encryption of the encrypted fingerprint data and a second decryption key suitable for decrypting the encryption of the encrypted fingerprint data to thereby recover the encrypted fingerprint data.
9. The method of claim 1 wherein the transferring includes either printing the machine readable information on the first sheet of printable media, or storing the machine readable information in an electronic memory of a tag embedded in the first sheet of printable media.
10. The method of claim 1 wherein the fingerprint data is obtained from a first area of the first sheet of printable media, the method further comprising generating additional fingerprint data for additional areas of the printable media, wherein the steps of transmitting and receiving are performed for the additional fingerprint data, wherein additional machine readable information is transferred to the first sheet of printable media.
11. A printing device comprising: a control component configured to control operations in the printing device and to communicate with a computer system that is separate from the printing device and is a source for print requests; a source of printable media; a fingerprinter operable to obtain fingerprint data from a sheet of printable media, the fingerprint data being determined based on an intrinsic structure of the sheet of printable media; and a printer component operable to produce printed matter on a sheet of printable material, the source of printable media configured to provide a first sheet of printable media in response to receiving a request from the computer system to print an electronic document, the control component further configured to: cause the fingerprinter to obtain data from a portion of the first sheet of printable media; transmit the fingerprint data to the computer system; receive fingerprint information from the computer system comprising encrypted fingerprint data produced by the computer system and a first decryption key suitable for decrypting the encrypted fingerprint data to thereby recover the fingerprint data; cause the printer component to produce printed matter on the first sheet of printable media; and transfer machine readable information to the first sheet of printable media, wherein the fingerprint information can be obtained from the machine readable information.
12. The device of claim 11 wherein the fingerprint data is based on optical data obtained from measurements of light scattered from intrinsic structure of the surface of a first area of the first sheet of printable media.
13. The device of claim 11 wherein the machine readable information comprises indicia printed on the first sheet of printable media.
14. The device of claim 11 wherein the machine readable information comprises an encoding of the fingerprint information.
15. The device of claim 14 wherein the fingerprint information further comprises a hash value computed from a hash operation performed on the electronic document to be printed.
16. The device of claim 11 further comprising a writer device configured to transmit data to a data store of an electronic tag embedded in a sheet of printable media, wherein the machine readable information comprises data transmitted by the writer device to the data store of an electronic tag embedded in the first sheet of printable media.
17. The device of claim 11 the source of printable media provides the first sheet of printable media by dispensing a single sheet of printable media.
18. The device of claim 11 wherein the control component is further configured to encrypt the obtained data to produce encrypted data wherein the fingerprint data comprises the encrypted data.
19. The device of claim 11 wherein the control component is further configured to encrypt the fingerprint information.
20. A method for printing an electronic document at a first computer system comprising: receiving from a second computer system, separate from the first computer system, a request to print a document; transmitting to the second computer system fingerprint data for a first sheet of printable media on which the document is to be printed, the fingerprint data determined from an intrinsic property of the first sheet of printable media, wherein the second computer system encrypts the fingerprint data and stores the encrypted fingerprint data and a first decryption key in a data store, the first decryption key suitable for recovering the fingerprint data from the encrypted fingerprint data; receiving from the second computer system a location indication which can be used to obtain from the data store the encrypted fingerprint data and the first decryption key stored therein; and printing the document on the first sheet of printable media, including transferring machine readable information to the first sheet of printable media, wherein the location indication can be obtained from the machine readable information.